The config file has a lot of options, in short this is where you configure a database connection string and reference your jdbc jar file. Full details are here. By default any of the examples that come with the Solr distribution use a plain text username and password. This can be potentially viewed from the front end:http://hostname:8983/solr/ > Select Collection from the drop-down > Click data Import > expand configurationObviously we do not want to store our username and password in plain text. The config file includes an option to encrypt the password and then store the key in a separate file.
Storing passwords in plaintext is a classic mistake that I see far too often. And then when someone checks in that config file to a public GitHub repo…